Vulnerabilities in Nextcloud
288 results

CVE-2023-22470 | LOW | Nextcloud Deck vulnerable to uncontrolled resource consumption | EPSS 0.7%
CVE-2025-47793 | MEDIUM | Nextcloud Server and Groupfolders app vulnerable to bypass of group folder quota limit using attachment in text file | EPSS 0.7%
CVE-2023-23942 | MEDIUM | Self reflected HTML injection in Desktop client | EPSS 0.7%
CVE-2023-30540 | LOW | Chat poll data can still be queried from API after purging history in Nextcloud talk | EPSS 0.7%
CVE-2024-52515 | MEDIUM | Nextcloud Server has incomplete sanitization of SVG files allows to embed other images into previews | EPSS 0.7%
CVE-2017-0891 | — | Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabiliti | EPSS 0.6%
CVE-2017-0893 | — | Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which | EPSS 0.6%
CVE-2023-48301 | LOW | Nextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name | EPSS 0.6%
CVE-2024-37312 | MEDIUM | Nextcloud user_oidc app's ID4me feature is available even when disabled | EPSS 0.6%
CVE-2018-3764 | — | In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring | EPSS 0.6%
CVE-2024-52523 | MEDIUM | Nextcloud Server Custom defined credentials of external storages are sent back to the frontend | EPSS 0.6%
CVE-2022-24889 | LOW | Insufficient Verification of Data Authenticity in Nextcloud Server | EPSS 0.6%
CVE-2023-30539 | MEDIUM | Users can set up workflows using restricted and invisible system tags in Nextcloud | EPSS 0.6%
CVE-2023-28644 | MEDIUM | Reference fetch can saturate the server bandwidth for 10 seconds in nextcloud server | EPSS 0.6%
CVE-2022-31119 | LOW | Password disclosure in log file in Nextcloud Mail App | EPSS 0.6%
CVE-2018-3781 | — | A missing sanitization of search results for an autocomplete field in NextCloud Talk <3.2.5 could lead to a stored XSS requiring user-intera | EPSS 0.6%
CVE-2023-28844 | MEDIUM | User without download rights can download older version of that file in nextcloud server | EPSS 0.6%
CVE-2018-3763 | — | In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS | EPSS 0.6%
CVE-2023-49791 | MEDIUM | Workflows do not require password confirmation on API level | EPSS 0.6%
CVE-2022-31132 | HIGH | Unauthenticated SSRF in 3rd party module "cerdic/csstidy" | EPSS 0.6%